Re:It's not just the shady companies
on
The Spyware Inferno
·
· Score: 2, Informative
I have the idea that it keeps all the various settings Windows has for file association in sync with what the user has specified in the QT control panel.
But qttask is easy to get rid of! The Quicktime control panel has a checkbox for it, and once unchecked it is gone forever, inlcluding a reinstall or upgrade of QT as far as I remember.
Should I mail you at akinghtcowboy@mail.slashdot.org?:)
This dilemma is resolved by the SRV DNS RR type. "Give me the endpoint for the 'web' service of 'domain.example':
_web._tcp.domain.example. IN SRV 5 0 80 webserver.domain.example
SRV is like a more generalised form of MX; in fact you could declare that MX was deprecated in favour of _mail._tcp.domain.example. Everyone seems to be happy to contiue using A records for web sites, however.
I just hope she remembers the name of the company who got her into all this shit ("Microsoft") and buys a Mac next time. Of course she probably ponied up another $2000 for a brand new computer running Microsoft Windows XP, without a second thought.
Fortunatly the arms race has not escalated so far that malware sits in the background, filtering all outgoing traffic destined for firewall web admin pages, checking the POST request bodies against known templates to extract the username and password (the templates for which being updated to work on new models of router/firewalls by downloading them from a P2P network)...
If I am dumb enough to run a program I got emailed at random on my Linux machine, any iptables commands it tries to run will fail becasue I don't run everything as root. Ditto for my (hypothetical) Macintoshes, or other unix workstations.
Unfortunatly the fact is that, due to years of bad software engineering on the part of MICROS~1 and lazy developers, pretty much every Windows user who is not locked down as part of a large corporate installation (which often aren't vulnerable to worms anyway because of decent security policies) logs in as an administrator all the time. All it takes is one malicious piece of software to disable the firewall, and bingo! the machine is vulnerable.
You say the firewall will wipe out 99.5% of Windows compromises. What about those users who don't install SP2, due to ignorance, apathy or piracy? What about all the Win2k, Windows ME, Win98, 95, machines still around?
It's like the fscking MS Office Assistant. Sure, it's easy to turn off on your own computer, but every other computer you sit down in front of is sure to have the infernal paperclip pop up and tell you that it looks like you're writing a letter!!
At best, I can see the process of natural selection escalating the arms race between MS and the blackhats. Either way, interesting times lie ahead!
How is it unfair? If you benefit from the BBC TV channels, you must pay the license fee. There is even a rather large loophole, since you can recieve the radio stations and view the web site without a TV license. I won't even go into detail about the secondary benefits to society, such as a more educated public with a higher attention span, etc, which you *do* benefit from, even if you never use a BBC service directly...
> It is against the law to own a TV in the UK if you don't pay for a TV license.... It applies whether or not you use the BBC services.
Incorrect. If you don't use the TV to recieve television signals, you don't have to own a TV license.
> Electrical retailers even have to take your name and address should you purchase a TV or related equipment, like a DVD player, so that the government can check that you have a TV license.
Funny, this has never happened to me. Probably because I paid with a credit card. If you want to game the system, buy second hand gear or pay with cash.
> Everyone has to pay
I believe we've covered this.
> so some people
I'm not aware of anyone in the UK who is unable to recieve the BBC chanels.
> can get advert free TV, free radio and a fairly decent news website. Sounds fair doesn't it?
Absolutely. Looking at the US, the alternative seems to be coughing up $100 (£65) a month for 150 crapshite cable TV stations that show an unrelenting torrent of absolute drivel, 1/3 of which is advertising which, according to the TV station execs, I must watch or else be considered a thief!
As soon the company went public, its owners became the shareholders, who are in it for the money. If firing off lawsuits at other Linux-using parties becomes profitable, and the corporation's officers don't take that course of action, the shareholders can/will sue them for not acting within the best interests of the corporation.
Ok, so it's possible that a majority of IBM's stock is owned by peoplr with principles, but I wouldn't bet on it.
Finally, I apologise for having such a bad grasp of the proper legal terminology. I'm sure some one who knows more than me will correct any particularly egregious errors I have made.
You don't need to. Right click on the downloaded file, go to Properties | Digital Signatures, select the (single) Microsoft Corp signature and click Details. Now go and make a cup of tea.
When you return to your pc, there will be a window saying if the signature is valid or not.
Of course, this information is completley useless if you haven't veritied the authenticity of the certificates already on your system that are a part of this particular chain of trust, or if you don't trust any part of the software doing the data vertification and result reporting.;)
People have been sick of the way xfree86.org have fucked up X11 development for years. The licensing issue was the proverbial straw that broke the camel's back.:)
If SPF takes off, providers will be placed under increasing pressure to a) allow you to put TXT records in your domain (or even provide some kind of SPF wizard so newbies don't have to bother with the details themselves) and b) provide authenticated SMTP servers for roaming clients.
Right because even though there are thousands of organizations that are like this now that have never spammed, forged illegitimate mail or acted as zombies they are "a part of the problem" because they don't work the way SPF supporters think they should.
Right because even though there are thousands of organizations that are like this now that have never spammed, forged illegitimate mail or acted as zombies they are "a part of the problem" because they don't work the way those who want to ban open relays think they should.
Get over it. Set up your mail server to accept authenticated connections and move on. It really is not that difficult.
Right. Now show me the X11 messages that allow *anyone* to hijack a program connected to the server, by forcing the program to accept malicious data and then to start executing code at the address of that data.
There is a difference between a flaw in the implementation of a system (the ficticious X11 vulnerability that the AC was talking about) and a flaw in a system's architecture (the documented, proven, reproducible and *unfixable* "shatter" attack against Windows).
Actually the preferred way is to connect to port 25 and issue a STARTTLS command. The older practice of assigning two ports for every protocol, the second of which is to be used with SSL, does not scale.
Slashdot Mirror
I have the idea that it keeps all the various settings Windows has for file association in sync with what the user has specified in the QT control panel.
But qttask is easy to get rid of! The Quicktime control panel has a checkbox for it, and once unchecked it is gone forever, inlcluding a reinstall or upgrade of QT as far as I remember.
Should I mail you at akinghtcowboy@mail.slashdot.org? :)
This dilemma is resolved by the SRV DNS RR type. "Give me the endpoint for the 'web' service of 'domain.example':
_web._tcp.domain.example. IN SRV 5 0 80 webserver.domain.exampleSRV is like a more generalised form of MX; in fact you could declare that MX was deprecated in favour of _mail._tcp.domain.example. Everyone seems to be happy to contiue using A records for web sites, however.
I just hope she remembers the name of the company who got her into all this shit ("Microsoft") and buys a Mac next time. Of course she probably ponied up another $2000 for a brand new computer running Microsoft Windows XP, without a second thought.
So what? Am I paying more this way? No. Maybe I would like to reward him for introducing this book to me!
Fortunatly the arms race has not escalated so far that malware sits in the background, filtering all outgoing traffic destined for firewall web admin pages, checking the POST request bodies against known templates to extract the username and password (the templates for which being updated to work on new models of router/firewalls by downloading them from a P2P network)...
Yet. Interesting times await!
If I am dumb enough to run a program I got emailed at random on my Linux machine, any iptables commands it tries to run will fail becasue I don't run everything as root. Ditto for my (hypothetical) Macintoshes, or other unix workstations.
Unfortunatly the fact is that, due to years of bad software engineering on the part of MICROS~1 and lazy developers, pretty much every Windows user who is not locked down as part of a large corporate installation (which often aren't vulnerable to worms anyway because of decent security policies) logs in as an administrator all the time. All it takes is one malicious piece of software to disable the firewall, and bingo! the machine is vulnerable.
You say the firewall will wipe out 99.5% of Windows compromises. What about those users who don't install SP2, due to ignorance, apathy or piracy? What about all the Win2k, Windows ME, Win98, 95, machines still around?
It's like the fscking MS Office Assistant. Sure, it's easy to turn off on your own computer, but every other computer you sit down in front of is sure to have the infernal paperclip pop up and tell you that it looks like you're writing a letter!!
At best, I can see the process of natural selection escalating the arms race between MS and the blackhats. Either way, interesting times lie ahead!
> It is basically a very unfair TV tax.
... It applies whether or not you use the BBC services.
How is it unfair? If you benefit from the BBC TV channels, you must pay the license fee. There is even a rather large loophole, since you can recieve the radio stations and view the web site without a TV license. I won't even go into detail about the secondary benefits to society, such as a more educated public with a higher attention span, etc, which you *do* benefit from, even if you never use a BBC service directly...
> It is against the law to own a TV in the UK if you don't pay for a TV license.
Incorrect. If you don't use the TV to recieve television signals, you don't have to own a TV license.
> Electrical retailers even have to take your name and address should you purchase a TV or related equipment, like a DVD player, so that the government can check that you have a TV license.
Funny, this has never happened to me. Probably because I paid with a credit card. If you want to game the system, buy second hand gear or pay with cash.
> Everyone has to pay
I believe we've covered this.
> so some people
I'm not aware of anyone in the UK who is unable to recieve the BBC chanels.
> can get advert free TV, free radio and a fairly decent news website. Sounds fair doesn't it?
Absolutely. Looking at the US, the alternative seems to be coughing up $100 (£65) a month for 150 crapshite cable TV stations that show an unrelenting torrent of absolute drivel, 1/3 of which is advertising which, according to the TV station execs, I must watch or else be considered a thief!
As soon the company went public, its owners became the shareholders, who are in it for the money. If firing off lawsuits at other Linux-using parties becomes profitable, and the corporation's officers don't take that course of action, the shareholders can/will sue them for not acting within the best interests of the corporation.
Ok, so it's possible that a majority of IBM's stock is owned by peoplr with principles, but I wouldn't bet on it.
Finally, I apologise for having such a bad grasp of the proper legal terminology. I'm sure some one who knows more than me will correct any particularly egregious errors I have made.
Just remember, their "custom" software cannot violate the GPL unless they distribute it outside of the company.
You don't need to. Right click on the downloaded file, go to Properties | Digital Signatures, select the (single) Microsoft Corp signature and click Details. Now go and make a cup of tea.
;)
When you return to your pc, there will be a window saying if the signature is valid or not.
Of course, this information is completley useless if you haven't veritied the authenticity of the certificates already on your system that are a part of this particular chain of trust, or if you don't trust any part of the software doing the data vertification and result reporting.
Thanks for the link! I changed my servers to protocol 2 a while ago, because, um, 2 is higher than 1. :)
I wasn't aware that I am under any legal obligation to not mess around with traffic passing through my own AP on my property.
Does protocol 1 not give you protection from man in the middle attacks?
Too bad the firefox in Sid is still 0.9.1, and it looks like Sarge will be released with 0.8. :)
Of course, no Windows program has ever installed files outside of its directory in Program Files!
What's that? The ghost of Andrew Tenenbaum... mouthing the word "Microkernel, microkernel" over and over again!
What are you, some kind of communist?
CONSUME!
> yeah i'm a few years behind in my gaming.
Stay there, trust me.
People have been sick of the way xfree86.org have fucked up X11 development for years. The licensing issue was the proverbial straw that broke the camel's back. :)
Market forces!
If SPF takes off, providers will be placed under increasing pressure to a) allow you to put TXT records in your domain (or even provide some kind of SPF wizard so newbies don't have to bother with the details themselves) and b) provide authenticated SMTP servers for roaming clients.
If your provider doesn't, find one who does.
Right because even though there are thousands of organizations that are like this now that have never spammed, forged illegitimate mail or acted as zombies they are "a part of the problem" because they don't work the way those who want to ban open relays think they should.
Get over it. Set up your mail server to accept authenticated connections and move on. It really is not that difficult.
Right. Now show me the X11 messages that allow *anyone* to hijack a program connected to the server, by forcing the program to accept malicious data and then to start executing code at the address of that data.
There is a difference between a flaw in the implementation of a system (the ficticious X11 vulnerability that the AC was talking about) and a flaw in a system's architecture (the documented, proven, reproducible and *unfixable* "shatter" attack against Windows).
Actually the preferred way is to connect to port 25 and issue a STARTTLS command. The older practice of assigning two ports for every protocol, the second of which is to be used with SSL, does not scale.
The body of the message I replied to was as follows:
I am still waiting for a citation of such a vulnerability in the X Window System, version 11.
Cite?